mattermost

607 tracked vulnerabilities.

CVE-2022-2401 MEDIUM
Mattermost < 6.3.9 - Unauthenticated Exposure of Sensitive User Information via API
Jul 14, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-2366 MEDIUM
Mattermost Server <= 6.7.0 - Incorrect Default Permissions via Trusted IP Header
Jul 12, 2022
CVSS 5.6
EPSS 0.01
CVE-2022-1982 MEDIUM
Mattermost < 6.3.8 and 6.6.0 - Authenticated Denial of Service via Crafted SVG Attachment
Jun 02, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1548 LOW
Mattermost Playbooks < 1.25.0 - Privilege Escalation via User Permission Mismanagement
May 03, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-1385 LOW
Mattermost < 6.5.0 - Unauthenticated Exposure of Resource to Wrong Sphere via Email Invitation
Apr 19, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-1384 MEDIUM
Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass
Apr 19, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-1337 MEDIUM
Mattermost Server < 6.4.2 - Authenticated Denial of Service via Image Proxy Memory Allocation
Apr 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1333 LOW
Mattermost Playbooks < 1.24.0 - Authenticated Denial of Service via Webhook Limit Bypass
Apr 13, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-1332 MEDIUM
Mattermost Server 5.37.0-5.37.8 and 6.4.0-6.4.1 - Authenticated Privilege Escalation via API
Apr 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1003 LOW
Mattermost <6.3.0 - Privilege Escalation
Mar 18, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-1002 LOW
Mattermost < 6.4.0 - Cross-Site Scripting via Guest User Email Invitation
Mar 18, 2022
CVSS 2.0
EPSS 0.01
CVE-2022-0904 MEDIUM
Mattermost Server <= 6.3.2 - Denial of Service via Malicious Apple Pages Document
Mar 10, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-0903 MEDIUM
Mattermost Server <= 6.3.2 - Denial of Service via SAML Login POST Body
Mar 10, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-0708 MEDIUM
Mattermost <6.3.0 - Info Disclosure
Feb 21, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37867 MEDIUM
Mattermost Boards < 0.10.0 - Authenticated Sensitive Information Exposure via API
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37866 MEDIUM
Mattermost Boards < 0.10.0 - Insufficient Session Expiration
Jan 18, 2022
CVSS 4.7
EPSS 0.01
CVE-2021-37865 MEDIUM
Mattermost < 6.2.0 - Authenticated Denial of Service via Crafted GIF File Upload
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-37864 LOW
Mattermost < 6.1 - Authenticated Improper Access Control via Archived Channel API
Jan 18, 2022
CVSS 2.6
EPSS 0.01
CVE-2021-37863 LOW
Mattermost < 6.0 - Authenticated Denial of Service via Malicious Post Creation
Dec 17, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-37862 LOW
Mattermost < 6.0 - Email Address Spoofing via Crafted Invitation Token
Dec 17, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-37861 MEDIUM
Mattermost < 6.0.2 - Password Exposure in Audit Logs
Dec 09, 2021
CVSS 5.8
EPSS 0.01
CVE-2021-37860 LOW
Mattermost < 5.38 - Stored Cross-Site Scripting via Clipboard Content
Sep 22, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-37859 HIGH
Mattermost 5.32.0-5.34.5 - Reflected Cross-Site Scripting Bypass in OAuth Flow
Aug 05, 2021
CVSS 7.1
EPSS 0.03
CVE-2020-13891 HIGH
Mattermost Mobile Apps <1.31.2 - Open Redirect
Jun 26, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-14460 MEDIUM
Mattermost Server <5.19.0 - Privilege Escalation
Jun 19, 2020
CVSS 6.5
EPSS 0.01